PT-2020-12546 · Indy · Indy Node

Published

2020-06-11

·

Updated

2020-06-22

·

CVE-2020-11090

CVSS v4.0

9.3

Critical

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Indy Node version 1.12.2
Description: Indy Node's Transaction Author Agreement (TAA) handling code contains an Uncontrolled Resource Consumption weakness. A malformed transaction sent by a client can crash the current primary, which forces a view change. Because a client that retries on failure sends the same malformed transaction to the newly elected primary, repeated rapid view changes can bring down the whole network. The problem was discovered after reports of StagingNet losing sufficient consensus to validate write transactions; it appears to have been triggered by someone sending a malformed transaction and retrying it each time it failed.
Recommendations: For Indy Node version 1.12.2, update to version 1.12.3, which fixes the issue. As a temporary workaround until the upgrade, restrict how malformed transactions are handled (for example, reject requests whose structure fails validation before they reach the TAA handling code) so that a bad request is answered with a rejection rather than crashing the primary. Improving Indy Node's testing strategy will also reduce the probability of such bugs in the future.
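The following is an added example written for this page, not code from Indy Node or its maintainers. It shows the difference between the two handling strategies described above: a fail-closed validator that turns a malformed TAA acceptance block into a clean request rejection, beside a handler that assumes well-formed input and lets a type error escape. A toy model of a 4-node network (an assumption made here, not Indy's actual view-change protocol) then counts how many view changes a retrying client causes under each handler. The field names follow the indy-node TAA request format (`taaAcceptance` with `mechanism`, `taaDigest`, `time`); the concrete checks and the sample requests are assumptions constructed for the example.

```python
"""Added example: fail-closed validation of a request's TAA acceptance
block, plus a toy model of why an uncaught error on the primary is worse
than a rejected request.

Illustrative code written for this page, not Indy Node's own code. Field
names follow the indy-node TAA request format (taaAcceptance with
mechanism / taaDigest / time); the concrete checks and the network model
are assumptions made here, not the project's rules.
"""
import re
from typing import Any

HEX64 = re.compile(r"[0-9a-f]{64}")


class RequestNack(Exception):
    """Malformed request: answered with a REQNACK reply, never an uncaught error."""


def validate_taa_acceptance(req: dict[str, Any]) -> None:
    """Raise RequestNack on anything that is not the expected shape (assumed checks)."""
    taa = req.get("taaAcceptance")
    if taa is None:
        return  # no acceptance attached; whether that is allowed is a policy question
    if not isinstance(taa, dict):
        raise RequestNack("taaAcceptance must be an object")
    unknown = set(taa) - {"mechanism", "taaDigest", "time"}
    if unknown:
        raise RequestNack(f"unexpected taaAcceptance fields: {sorted(unknown)}")
    mech = taa.get("mechanism")
    if not isinstance(mech, str) or not mech:
        raise RequestNack("mechanism must be a non-empty string")
    digest = taa.get("taaDigest")
    if not isinstance(digest, str) or not HEX64.fullmatch(digest):
        raise RequestNack("taaDigest must be a 64-char lowercase hex string")
    t = taa.get("time")
    if isinstance(t, bool) or not isinstance(t, int) or t < 0:
        raise RequestNack("time must be a non-negative integer")


def safe_handle(req: dict[str, Any]) -> str:
    """Validate first; a malformed request is answered, not crashed on."""
    validate_taa_acceptance(req)
    return "REPLY"


def unsafe_handle(req: dict[str, Any]) -> str:
    """Assumes the request is well-formed: a wrong type escapes as
    AttributeError / TypeError / KeyError from the node's processing loop."""
    taa = req["taaAcceptance"]
    if taa["taaDigest"].lower() != taa["taaDigest"] or taa["time"] < 0:
        return "REJECT"
    return "REPLY"


def rejected_cleanly(handler, req) -> bool:
    """True if the handler answered with a REQNACK rather than crashing or accepting."""
    try:
        handler(req)
    except RequestNack:
        return True
    except Exception:
        return False
    return False


def run_network(requests, handler, n_nodes: int = 4):
    """Toy model (assumption, not Indy's protocol): an exception on the primary
    takes it down and forces a view change; the client retries the same request
    against the new primary. Returns (view_changes, nodes_alive, has_write_quorum)."""
    f = (n_nodes - 1) // 3          # BFT tolerance: n = 3f + 1
    quorum = 2 * f + 1              # nodes needed to order write transactions
    alive, view_changes = n_nodes, 0
    for req in requests:
        try:
            handler(req)
        except RequestNack:
            continue                # rejected cleanly; primary stays up
        except Exception:
            alive -= 1              # primary crashed, view change to next node
            view_changes += 1
            if alive < quorum:
                break               # not enough nodes left to validate writes
    return view_changes, alive, alive >= quorum


# Constructed sample requests (not captured traffic).
GOOD = {"taaAcceptance": {"mechanism": "click_agreement",
                          "taaDigest": "ab" * 32, "time": 1591833600}}
MALFORMED = [
    {"taaAcceptance": {"mechanism": "click_agreement", "taaDigest": None, "time": 1591833600}},
    {"taaAcceptance": "yes"},
    {"taaAcceptance": {"mechanism": "", "taaDigest": "ab" * 32, "time": 1591833600}},
    {"taaAcceptance": {"mechanism": "click_agreement", "taaDigest": "AB" * 32, "time": 1591833600}},
    {"taaAcceptance": {"mechanism": "click_agreement", "taaDigest": "ab" * 32, "time": True}},
    {"taaAcceptance": {"mechanism": "click_agreement", "taaDigest": "ab" * 32,
                       "time": 1591833600, "extra": 1}},
]

if __name__ == "__main__":
    # A client retrying one malformed request five times against each handler.
    print("unsafe:", run_network([MALFORMED[0]] * 5, unsafe_handle))
    print("safe:  ", run_network([MALFORMED[0]] * 5, safe_handle))
```

With the unsafe handler the retrying client knocks out two primaries in a row and the 4-node model drops below its write quorum; with the validator in front, the same retries produce zero view changes. The point for a workaround is that validation failures must map to a reply the client can see, so that the retry loop ends at the client rather than cycling through primaries.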

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2020-11090
GHSA-3GW4-M5W7-V89C
PYSEC-2020-47

Affected Products

Indy Node